Skip to main content

ColdFusion 10: CFFILE - Specifying file content in the tag body

Prior to ColdFusion 10, to write or append to a file one had to specify the file content in the output attribute of CFFILE tag. In ColdFusion 10, you can specify the file content in the body of the cffile tag. In cases where the file content is specified in body as well as in the output attribute, the output attribute would be ignored.


<!--- output attribute will be ignored here ---> <cffile action="write" file="#expandPath("./files/employees.txt")#" output="cffile content"> <?xml version='1.0' encoding='UTF-8'?> <employees> <id = "1"> <firstname>Sagar</firstname> <lastname>Ganatra</lastname> </id> </employees> </cffile>

As observed, the output attribute would be ignored when the file content is specified in the tag body. The above example is also applicable when the action attribute is set to append. This enhancement makes it easy to write any data to a file without having to use the CFSAVECONTENT tag and a temporary variable.

Another important thing to note here is that the output attribute is now optional when action is write\append. However, it is a mandatory attribute when the closing CFFILE tag is not specified:

<!--- Output attribute is mandatory when the closing tag is not specified ---> <cffile action="write" file="#expandPath("./files/employees.txt")#" output="No body" >


  1. This is certainly a nice enhancement, however, does it actually validate that the *content* of the file matches the mim type, or is it simply checking the value of the mime-type header that is sent by the client?  Simply checking the value of the mime-type header without validating the content of the file doesn't really add much security, since it's easy to fake that header.

  2. @ec42b1f555169f2e36a71b3bf2249187 did you see this post: Now you can validate the content when you upload a file to the server.


Post a Comment

Popular posts from this blog

Adding beforeRender and afterRender functions to a Backbone View

I was working on a Backbone application that updated the DOM when a response was received from the server. In a Backbone View, the initialize method would perform some operations and then call the render method to update the view. This worked fine, however there was scenario where in I wanted to perform some tasks before and after rendering the view. This can be considered as firing an event before and after the function had completed its execution. I found a very simple way to do this with Underscore's wrap method.

De-obfuscating javascript code in Chrome Developer Tools

I had blogged about JavaScript debugging with Chrome Developer Tools  some time back, wherein I have explained how these developer tools can help in debugging javascript code. Today Google Chrome 12 was released and my Chrome browser was updated to this version. As with every release, there have been some improvements made on performance, usability etc,. One feature that stood out for me is the ability to De-obfuscate the javascript code. What is Minification? Minification is the process of removing unnecessary characters such as white spaces, comments, new lines from the source code. These otherwise would be added to make the code more readable. Minifying the source code helps in reducing the file size and thereby reducing the time taken to download the file. This is the reason why most of the popular javascript libraries such as jQuery are minified. A minified jQuery file is of 31 KB in size where as an uncompressed one is about 229 KB. Unfortunately, debugging minified javascript f

Custom validation messages for HTML5 Input elements using the constraint validation API

HTML5 has introduced several input types such as EMAIL, URL, RANGE, SEARCH, DATE, TIME, etc,. Most of the modern browsers have implemented them and are ready to be used in a HTML document. Another exciting feature introduced in HTML5 is the form validation. Instead of writing JavaScript to validate users input, browsers can now validate it and show an appropriate message if the validation fails. The validation message is shown in line with the field for which the validation has failed. The default error message is shown when the validation fails. In this post I'll explain how these error messages can be changed.